Solution:
<aside>
💡 GREP-OS is developing a fully sandboxed, enterprise-grade desktop in which each desktop component is tractable, isolated, and immutable. The base operating system (OS) is read-only and verified. We make sure that the firmware, hardware and kernel are checked through the boot process. All programs are isolated from each other and from the base system. Graphical applications primarily come isolated in snaps or Flatpaks; command-line interface (CLI) apps run in lightweight virtual machines (VMs) or containers.
</aside>
This approach has several advantages, including:
- Security: Containerization prevents malicious software from changing the core system or spreading. This affords true reactivity. Atomic updates ensure reliable system updates and automatic recovery, since corrupted updates are reversible, and updates are possible without altering the base system.
- Modularity: Thanks to the compatibility layer, users can use applications native to other operating systems while enjoying Linux security. For instance, users can still use Microsoft Teams, Spotify, and OBS.
- Reproducibility: Since everybody is on the same build, errors can be tested and troubleshot on different devices simultaneously.
- Manageability: Since each build is identical, administrators do not need to worry about inconsistencies or changes between different systems. Also, atomic updates and rollbacks greatly simplify the system update and troubleshooting process.
- Hackability: We're building a useful desktop system not just for office workers, gamers and home users but also for developers. We don't want the OS to get in your way, so we provide a secure desktop with tight integration with development tools.
- Reliability (Predictability): Since the system cannot be altered during runtime due to static OS compilation, we do not need to worry about configuring individual instances.
- Single Purpose: As desktop applications are exclusively run via containers, the desktop can handle multiple tasks such as browsing, gaming, developing, etc., while effectively only handling a single task: containerization.
Why Linux?
A Case for Containerized Applications